Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · Shell
HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
src/terminalUi.js
47L48: function isExplicitAnsiWindowsTerminal(env = process.env) {
L49: return Boolean(
...
L57:
L58: export function supportsInteractiveUi(stream = process.stdout, env = process.env, platform = process.platform) {
L59: if (env.OCLI_ANIMATED_UI === "1") return Boolean(stream.isTTY && env.CI !== "true" && env.TERM !== "dumb");
...
L173: function plainStartupLog({ port, workspace, token, version, runtimeSource }) {
L174: console.log(`ocli ${version} (${runtimeSource}) listening on http://127.0.0.1:${port}`);
L175: console.log(`workspace: ${workspace}`);
...
L212: let openTimer;
L213: const write = (chunk) => process.stdout.write(chunk);
L214: const draw = () => {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/terminalUi.js · L47
OcliSkills/twitter-downloader/scripts/summarize_tweet.py
• path = OcliSkills/twitter-downloader/scripts/summarize_tweet.py
kind = build_helper
sizeBytes = 1250
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
OcliSkills/twitter-downloader/scripts/summarize_tweet.py
Findings
1 High · 4 Medium · 4 Low
High · Sandbox Evasion Gated Capability · src/terminalUi.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · OcliSkills/twitter-downloader/scripts/summarize_tweet.py
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings